System for technology anomaly detection, triage and response using solution data modeling

ABSTRACT

Embodiments of the present invention provide a system for technology anomaly detection, triage, and response using solution data modeling. The system is configured for generating solution data models comprising a plurality of asset systems and a plurality of users, continuously monitoring the plurality of asset systems and detecting an anomaly associated with the one or more tasks associated with at least a first group of asset systems of the plurality of asset systems, extracting a first solution data model associated with the first group of asset systems, identifying one or more relationships associated with the first group of systems based on the extracted first solution data model, and identifying a point of failure associated with the anomaly and the first group of asset systems based on the one or more relationships.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of and claims priority from allowed,co-pending U.S. patent application Ser. No. 15/814,028, filed on Nov.15, 2017 and entitled “System for Technology Anomaly Detection, Triageand Response Using Solution Data Modeling”.

FIELD

The present invention relates to technology anomaly detection, triageand response using generated solution data modeling.

BACKGROUND

Present conventional systems do not have the capability to identify allexisting relationships within an entity. Lack of sufficient informationassociated with one or more relationships within an entity makes itdifficult to detect technology anomalies efficiently and perform triagein response to detecting technology anomalies within the entity. Assuch, there exists a need for a system to identify all existingrelationships within the entity and perform technology anomalydetection, triage and response.

SUMMARY

The following presents a simplified summary of one or more embodimentsof the present invention, in order to provide a basic understanding ofsuch embodiments. This summary is not an extensive overview of allcontemplated embodiments, and is intended to neither identify key orcritical elements of all embodiments nor delineate the scope of any orall embodiments. Its sole purpose is to present some concepts of one ormore embodiments of the present invention in a simplified form as aprelude to the more detailed description that is presented later.

Embodiments of the present invention address the above needs and/orachieve other advantages by providing apparatuses (e.g., a system,computer program product and/or other devices) and methods fortechnology anomaly detection, triage, and response using solution datamodeling. The system embodiments may comprise one or more memory deviceshaving computer readable program code stored thereon and wherein the oneor more memory devices further comprises a model database and a solutiondatabase, a communication device, and one or more processing devicesoperatively coupled to the one or more memory devices, wherein the oneor more processing devices are configured to generate one or moresolution data models comprising a plurality of asset systems and aplurality of users, wherein each of the plurality of asset systems isassociated with at least one user of the plurality of users and whereinat least a first of the plurality of asset systems is associated with atleast a second of the plurality of asset systems, store the one or moresolution data models in the model database, continuously monitor theplurality of asset systems, detect an anomaly associated with one ormore tasks associated with at least a first group of asset systems ofthe plurality of asset systems based on continuously monitoring theplurality of asset systems, extract a first solution data modelassociated with the first group of asset systems from the model databasebased on detecting the anomaly associated with the one or more tasks,identify one or more relationships associated with the first group ofasset systems based on the extracted first solution data model, andidentify a point of failure associated with the anomaly and the firstgroup of asset systems based on the one or more relationships, whereinthe point of failure is associated with a first asset system of thefirst group of systems.

In some embodiments, generating the one or more solution data modelscomprises accessing one or more authentication systems, wherein the oneor more authentication systems comprise authentication informationassociated with the plurality of asset systems and the plurality ofusers, extracting the authentication information associated with theplurality of asset systems and the plurality of users, accessing one ormore human resources systems, wherein the one or more human resourcessystems comprise human resources information associated with theplurality of users, extracting the human resources informationassociated with the plurality of users, accessing one or more assetmanagement systems, wherein the one or more asset management systemscomprise asset information associated with at least type and location ofthe plurality of asset systems, extracting the asset informationassociated with plurality of asset systems, identifying a first set ofrelationships between each of the plurality of asset systems based onthe extracted authentication information, identifying a second set ofrelationships between each of the plurality of users and each of theplurality of asset systems based on the extracted authenticationinformation, and formulating the one or more solution data models basedon the first set of relationships, the second set of relationships,asset information, and the human resources information.

In some embodiments, identifying the one or more relationshipsassociated with the first group of systems further comprises identifyingone or more upstream systems associated with the first group of assetsystems, identifying one or more downstream systems associated with thefirst group of asset systems, and identifying one or more applicationsassociated with the first group of systems.

In some embodiments, identifying the point of failure comprisesdetermining at least one change implemented on the first group of assetsystems within a predetermined amount of time, and identifying source ofthe at least one change implemented on the first group of asset systemsbased on the one or more relationships, wherein the source of the atleast one change is the first asset system.

In some embodiments, the one or more processing devices are furtherconfigured to execute the computer readable code to transmit anotification to at least one user of the plurality of users associatedwith the first group of asset systems, wherein the notificationcomprises the point of failure and type of the at least one changeimplemented on at least the first asset system, receive a solution fromthe at least one user to resolve the anomaly associated with the one ormore tasks associated with the point of failure, and implement thesolution received from the at least one user, wherein the solution isassociated at least with the point of failure.

In some embodiments, the one or more processing devices are furtherconfigured to execute the computer readable code to determine that theanomaly associated with the one or more tasks has been resolved inresponse to implementing the solution associated with the point offailure.

In some embodiments, the one or more processing devices are furtherconfigured to execute the computer readable code to store the point offailure and the solution in the solution database based on determiningthat the failure of the one or more tasks has been resolved.

The features, functions, and advantages that have been discussed may beachieved independently in various embodiments of the present inventionor may be combined with yet other embodiments, further details of whichcan be seen with reference to the following description and drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Having thus described embodiments of the invention in general terms,reference will now be made to the accompanying drawings, where:

FIG. 1 presents a block diagram illustrating the technology anomalydetection system environment, in accordance with embodiments of thepresent invention.

FIG. 2 presents a block diagram illustrating authentication informationpresent in one or more authentication systems, in accordance withembodiments of the present invention.

FIG. 3 presents a block diagram illustrating asset information presentin one or more asset management systems, in accordance with embodimentsof the present invention.

FIG. 4 presents a block diagram illustrating human resources informationpresent in one or more human resources systems, in accordance withembodiments of the present invention.

FIG. 5 presents a block diagram illustrating a combined solution datamodel generated by a resource entity system, in accordance withembodiments of the present invention.

FIG. 6 presents a process flow illustrating generation of combinedsolution data model, in accordance with embodiments of the presentinvention.

FIG. 7 present a process flow illustrating detection of technologyanomalies and performing triage on the detected anomalies, in accordancewith embodiments of the present invention.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

Embodiments of the invention will now be described more fullyhereinafter with reference to the accompanying drawings, in which some,but not all, embodiments of the invention are shown. Indeed, theinvention may be embodied in many different forms and should not beconstrued as limited to the embodiments set forth herein; rather, theseembodiments are provided so that this disclosure will satisfy applicablelegal requirements. In the following description, for purposes ofexplanation, numerous specific details are set forth in order to providea thorough understanding of one or more embodiments. It may be evident;however, that such embodiment(s) may be practiced without these specificdetails. Like numbers refer to like elements throughout.

Systems, methods, and computer program products are herein disclosedthat provide for creating relationships between multiple asset systems,plurality of users, one or more applications, one or more logicalassets, and/or the like leveraging existing data sets in one or moresystems associated with a resource entity. Conventional systems utilizeauto discovery tools to create the above-mentioned relationships.However, the conventional auto discovery tools identify relationshipsbetween multiple asset systems by crawling into multiple systems basedon a set of rules and accessing configuration files, or the like andcannot identify all existing relationships within an entity. Theconventional auto discovery tools cannot identify relationships betweenthe multiple asset systems and the one or more logical assets, one ormore applications, and the plurality of users associated with theentity. Additionally, the conventional auto discovery tools aredifficult to install, configure, and manage. The present systemleverages already existing data within HR systems, asset managementsystems, and authentication systems providing authentication for themultiple asset systems, plurality of users, one or more applications, orthe like to create combined solution data models comprisingrelationships between multiple asset systems, plurality of users, one ormore applications, one or more logical assets.

Present conventional systems also do not have the capability to detecttechnology anomalies without the information associated with multipleasset systems, the plurality of users, and the one or more logicalassets. For example, any of the processes within the entity maysometimes yield abnormal results or may encounter various errors and theprocesses may be performed by a group of asset systems, and a group ofapplications with or without the input of the plurality of users.Without the solution data models, it is very difficult of identify whichof the group of asset systems or the group of applications is causingthe abnormal results or various errors and thereby causing a delay inperforming triage and responding to the event. In some cases, when thereis a delay in responding and performing triage, all of the asset systemsassociated with the point of failure may be affected causing a halt toall processes within the entity, thereby causing an outage. The presentinvention, based on the generated combined solution data models,instantly identifies a point of failure for an anomaly upon detectingthe anomaly. Therefore, the present invention eliminates the possibilityof a blackout by responding and performing triage instantly.

In accordance with embodiments of the invention, the terms “resourceentity system” or “resource entity” or “entity” may include anyorganization that processes financial transactions including, but notlimited to, banks, credit unions, savings and loan associations, cardassociations, settlement associations, investment companies, stockbrokerages, asset management firms, insurance companies and the like.

Many of the example embodiments and implementations described hereincontemplate interactions engaged in by a user with a computing deviceand/or one or more communication devices and/or secondary communicationdevices. A “user”, as referenced herein, may refer to an entity orindividual that has the ability and/or authorization to access and useone or more resources or portions of a resource. In some embodiments,the “user” or “plurality of users” may be one or more associates,employees, agents, contractors, sub-contractors, third-partyrepresentatives, customers, and/or the like. Furthermore, as usedherein, the term “asset systems” or “asset” may refer to mobile phones,computing devices, tablet computers, wearable devices, smart devicesand/or any portable electronic device capable of receiving and/orstoring data therein.

A “user interface” is any device or software that allows a user to inputinformation, such as commands or data, into a device, or that allows thedevice to output information to the user. For example, the userinterface includes a graphical user interface (GUI) or an interface toinput computer-executable instructions that direct a processing deviceto carry out specific functions. The user interface typically employscertain input and output devices to input data received from a usersecond user or output data to a user. These input and output devices mayinclude a display, mouse, keyboard, button, touchpad, touch screen,microphone, speaker, LED, light, joystick, switch, buzzer, bell, and/orother user input/output device for communicating with one or more users.

A “system environment”, as used herein, may refer to any informationtechnology platform of an enterprise (e.g., a national or multi-nationalcorporation) and may include a multitude of servers, machines,mainframes, personal computers, network devices, front and back endsystems, database system and/or the like.

FIG. 1 illustrates a technology anomaly detection system environment100, in accordance with embodiments of the invention. As illustrated inFIG. 1, one or more resource entity systems 10 are operatively coupled,via a network 3, to asset systems 21, authentication system 20, assetmanagement systems 30, and human resources (HR) systems 40. In this way,the plurality of users 4 (e.g., one or more associates, employees,agents, contractors, sub-contractors, third-party representatives,customers, or the like), through a user application 27 (e.g., webbrowser, resource entity application, authentication application, or thelike), may access the asset systems 21 and other resource entityapplications 17 (web application, anomaly detection application, or thelike) stored in the resource entity systems 10. In some embodiments, theanomaly detection application may be a part of an independent technologyanomaly detection system. In such an embodiment, the independenttechnology anomaly detection system is maintained and operated by theresource entity systems 10. The independent technology anomaly detectionsystem may comprise one or more processing devices operatively coupledto the one or more memory devices and configured to execute computerreadable code stored in the one or more memory devices.

The network 3 may be a global area network (GAN), such as the Internet,a wide area network (WAN), a local area network (LAN), or any other typeof network or combination of networks. The network 3 may provide forwireline, wireless, or a combination of wireline and wirelesscommunication between systems, services, components, and/or devices onthe network 3.

As illustrated in FIG. 1, the resource entity systems 10 generallycomprise one or more communication components 12, one or more processingcomponents 14, and one or more memory components 16. The one or moreprocessing components 14 are operatively coupled to the one or morecommunication components 12 and the one or more memory components 16. Asused herein, the term “processing component” generally includescircuitry used for implementing the communication and/or logic functionsof a particular system. For example, a processing component 14 mayinclude a digital signal processor component, a microprocessorcomponent, and various analog-to-digital converters, digital-to-analogconverters, and other support circuits and/or combinations of theforegoing. Control and signal processing functions of the system areallocated between these processing components according to theirrespective capabilities. The one or more processing components 14 mayinclude functionality to operate one or more software programs based oncomputer-readable instructions 18 thereof, which may be stored in theone or more memory components 16. The authentication systems 20, theasset management systems 30, the human resources systems 40 may comprisesimilar structure and components as of the resource entity system 10such as one or more communication components, one or more processingcomponents, and one or more memory components.

The one or more processing components 14 use the one or morecommunication components 12 to communicate with the network 3 and othercomponents on the network 3, such as, but not limited to, the componentsof the asset systems 21, the authentication systems 20, asset managementsystems 30, HR systems 40, or other systems. As such, the one or morecommunication components 12 generally comprise a wireless transceiver,modem, server, electrical connection, electrical circuit, or othercomponent for communicating with other components on the network 3. Theone or more communication components 12 may further include an interfacethat accepts one or more network interface cards, ports for connectionof network components, Universal Serial Bus (USB) connectors and thelike.

As further illustrated in FIG. 1, the resource entity systems 10comprise computer-readable instructions 18 stored in the memorycomponent 16, which in one embodiment includes the computer-readableinstructions 18 of the resource entity application 17 (e.g., websiteapplication, anomaly detection application, or the like). In someembodiments, the one or more memory components 16 include one or moredata stores 19 for storing data related to the resource entity systems10, including, but not limited to, data created, accessed, and/or usedby the resource entity application 17. In embodiments of the presentinvention, the one or more data stores store the information extractedfrom the authentication systems 20, asset management systems 30, HRsystems 40, and/or the like. In some embodiments, information associatedwith the one or more assets, one or more applications and logicalassets, the plurality of users is gathered by the resource entityapplications 17 by communicating with other resource entity systems suchas HR systems 40, asset management systems 30, authentication systems40, and/or other systems associated with the resource entity.Additionally, the resource entity systems 10 comprise an artificialintelligence engine stored in the memory component 16 to generate one ormore combined solution data models, in accordance with embodiments ofthe present invention. In embodiments of the present invention, thememory component 16 comprises a model database comprising the generatedone or more combined solution data models. In some embodiments, thesystem the memory component 16 comprises a solution database to storethe solutions associated with various anomalies encountered by any ofthe asset systems 21, thereby enabling the system to respond and performtriage instantly by extracting, from the solution database, a solutionfor a similar anomaly encountered by the entity in the past.

As illustrated in FIG. 1, the plurality of users 4 may access theresource entity application 17, or other applications, through the assetsystems 21. The asset systems 21 may be a desktop, mobile device (e.g.,laptop, smartphone device, PDA, tablet, or other mobile device), or anyother type of computer that generally comprises one or morecommunication components 22, one or more processing components 24, andone or more memory components 26. In some embodiments, the asset systems21 may be servers. In some embodiments, the asset systems 21 may becloud servers. In some embodiments, the asset systems may berepositories and/or the like.

The one or more processing components 24 are operatively coupled to theone or more communication components 22 and the one or more memorycomponents 26. The one or more processing components 24 use the one ormore communication components 22 to communicate with the network 3 andother components on the network 3, such as, but not limited to, theresource entity systems 10, the authentication systems 20, the HRsystems 40, the asset management systems 30, and/or other systems. Assuch, the one or more communication components 22 generally comprise awireless transceiver, modem, server, electrical connection, or othercomponent for communicating with other components on the network 3. Theone or more communication components 22 may further include an interfacethat accepts one or more network interface cards, ports for connectionof network components, Universal Serial Bus (USB) connectors and thelike. Moreover, the one or more communication components 22 may includea keypad, keyboard, touch-screen, touchpad, microphone, mouse, joystick,other pointer component, button, soft key, and/or other input/outputcomponent(s) for communicating with the users 4.

As illustrated in FIG. 1, the asset systems 21 may havecomputer-readable instructions 28 stored in the one or more memorycomponents 26, which in one embodiment includes the computer-readableinstructions 28 for user applications 27, such as authenticationapplication (e.g., apps, applet, or the like), other resource entityapplications, a web browser or other apps that allow the plurality ofusers 4 to take various actions, including allowing the plurality ofusers 4 to access applications located on other systems, or the like.The one or more memory components 26 comprise one or more data stores 29to store data accessed by the asset systems 21 or data required toperform one or more processes or operations assigned to the assetsystems 21. In some embodiments, the plurality of users utilizes theuser applications 27, through the asset systems 21, to access theresource entity applications 17 to perform various day to dayorganizational processes. In some embodiments, plurality of users 4 mayutilize a HR application to store human resources information in the HRsystems 40. In some embodiments, the plurality of users 4 may utilizeasset management application to add information about new asset systems,delete information associated with old asset systems, modify location ofthe existing asset systems, and/or the like.

FIG. 2 presents a block diagram 200 illustrating authenticationinformation present in one or more authentication systems. The one ormore authentication systems 20 are any systems which controlauthorizations and authentications within the resource entity. The oneor more authentication systems comprise authentication information andauthorization information associated with one or more asset systems 21,plurality of users 4, one or more applications, and/or the like.Typically, one or more asset systems 21 (such asset system 1 210, assetsystem 2 220, and asset system N 230) within an entity communicate witheach other to implement multiple processes. For the one or more assetsystems 21 to communicate with each other, authentication is necessary.For example, asset system 1 210 may access asset system 2 220 only aftersuccessful authentication. The one or more authentication systems 20facilitate authentication between asset system 1 210 and asset system 2220, wherein the authentication between asset system 1 210 and assetsystem 2 220 may be unidirectional or bidirectional. In someembodiments, the one or more authentication systems 20 may receive arequest from asset system 1 210 to access asset system 2 220. Uponreceiving the request, the one or more authentication systems 20 accessa data store comprising approved authorizations within the resourceentity, determine that the asset system 1 210 has authorization toaccess asset system 2 220, and authorize asset system 1 210 to accessasset system 2 220. Approval for authorizations may be provided by auser of the plurality of users. Similarly, the one or moreauthentication systems provide authentication between plurality of users4 and the one or more asset systems 21. For example, a user of theplurality of users 4 may send a request to the one or moreauthentication systems to access any one of the asset systems 21. Theplurality of users 4 may belong to one or more organizational groups(organizational group 1 240, organizational group 2 250, operationalgroup N 260). Organizational group may be defined as a group withmultiple users belonging to a line of business. In one example, a groupof users associated with human resources department are associated withhuman resources organizational group. In some embodiments, theauthorizations to asset systems may be based on the organizationalgroups of the plurality of users. For example, ‘n’ number of usersassociated with organization group 1 240 may have authorization toaccess asset system 1 210. In some embodiments, the one or moreauthorization systems 20 may facilitate access between one or moreapplications within a resource entity. In some embodiments, the one ormore authorization systems 20 may facilitate access between one or moreapplications within the entity and the plurality of users 4. In someembodiments, the one or more authorization systems 20 may facilitateaccess between one or more applications within the entity and the one ormore asset systems 21.

FIG. 3 presents a block diagram 300 illustrating asset informationpresent in one or more asset management systems 30. The one or moreasset management systems 30 are any systems which manage and control oneor more asset systems 21 within the resource entity. The one or moreasset management systems 30 comprise information associated with the oneor more asset systems 21 and the one or more applications within theresource entity. The one or more applications may be any softwareapplications owned, maintained or utilized by the resource entity. Insome embodiments, the one or more asset management systems 30 compriseinformation associated with asset type 310, environment 320, logicalasset 340, application 350, and location 360 of the one or more assetsystems 21. Asset type 310 defines the type of the one or more assetsystems 21. For example, the one or more asset management systems 30comprise information associated with the type of asset system 1 210shown in FIG. 2, wherein the asset system 1 210 may be a repository. Theone or more assets systems 21 may be repositories, relationshipmanagement systems, transaction systems, knowledge management systems,business intelligence systems, user systems assigned to the plurality ofusers 4, and/or the like. In one embodiment, the one or more assetmanagement systems 30 comprise information associated with environment320 of the one or more asset systems 21. Environment 320 may defineoperating system properties, physical properties, software properties,and/or the like of the one or more asset systems 21. In one embodiment,the one or more asset management systems 30 comprise informationassociated with location 360 of the one or more asset systems 21. Forexample, the one or more asset management systems 30 comprise physicaladdress including country, state, city, street address, building number,floor number, cubicle location, and/or the like associated with thelocation of the asset system 1 210. In one embodiment, the one or moreasset management systems 30 comprise information with logical assets 340associated with the one or more asset systems 21. Logical assetinformation 340 may include logical partitions, virtual assets, and/orthe like associated with each of the one or more asset systems 21. Forexample, asset system 1 210 may be configured into one or more virtualassets which may be utilized by any of the plurality of users 4 from anynetwork associated with the resource entity. In one embodiment, the oneor more asset management systems 30 comprise information withapplications 360 associated with the one or more asset systems 21.

FIG. 4 presents a block diagram 400 illustrating presents a blockdiagram illustrating human resources information present in one or morehuman resources systems 40. The one or more human resources systems 40may be any systems utilized by the human resources organization groupwithin the resource entity. The one or more human resources systemscomprise information associated with the plurality of users 4 within theresource entity. In one embodiment, the one or more human resourcessystems 40 comprise information associated with organization 410 of theplurality of users 4. The plurality of users 4 may be agents,contractors, sub-contractors, third-party representatives, and/or thelike. Contractors, sub-contractors, third party representatives, may beassociated with third party entities. For example, the one or more humanresources systems may comprise organization information 410 associatedwith a first user of the plurality of users 4. The first user may beassociated with a first third party entity, wherein the third-partyentity provides one or more contractors to the resource entity. In oneembodiment, the one or more human resources systems 40 may compriseinformation associated with hierarchy information 420 associated withthe plurality of users 4. For example, the one or more human resourcessystems 40 may comprise hierarchy information 420 associated with eachof the plurality of users 4 such as one or more users reporting to afirst user of the plurality of users 4, a reporting manager associatedwith the first user, one or more applications managed by the first user,and/or the like. In one embodiment, the one or more human resourcessystems 40 may comprise information associated with location 440 of eachof the plurality of users 4. For example, the one or more humanresources systems 40 comprise location information 440 associated with afirst user of the plurality of users 4 such as work location addressincluding country, state, city, street address, building number, floornumber, cubicle location, and/or the like. In some embodiments, the oneor more human resources systems 40 comprise all work locationsassociated with each of the plurality of users including the home/workaddress, country, state, city, street address, building number, floornumber, cubicle location, IP address, and/or the like.

FIG. 5 presents a block diagram 500 illustrating a combined solutiondata model generated by the artificial intelligence engine of theresource entity system 10. The resource entity system 10 extractsauthentication information 200 from the one or more authenticationsystems 20, asset information 300 from the one or more asset managementsystems 30, human resources information 400 from the one or more humanresources systems 40, and/or the like. The artificial intelligenceengine intelligently applies logic to the extracted information from oneor more systems and formulates a combined solution data model comprisingone or more relationships between one or more assets systems 21, theplurality of users 4, and one or more logical assets and applicationswithin the resource entity. In some embodiments, the combined solutiondata model may be stored in the form of database tables. The combinedsolution data models may be stored in any of available operationaldatabases, relational databases, distribute databases, key valuedatabases, column oriented databases, cloud database, big data, mobiledatabase, active database, parallel database, virtual database,centralized database, navigational database, and/or the like. In someother embodiments, the combined solution data model may be stored in adata store in the form of tree data structure. In some embodiments, thecombined solution data model may be split into multiple trees and eachof the multiple trees may be linked with other multiples trees based onthe one or more relationships. In some embodiment, the combined solutiondata model is in the form of a web. In some embodiments, the combinedsolution data model may be stored in the form of a list. In someembodiments, the combined solution data model may be stored in the formof any available data structures used to representing the one or morerelationships. In some other embodiments, the combined solution datamodels may be stored in any graphical form in the data store of thesystem.

FIG. 6 presents a process flow 600 illustrating generation of combinedsolution data model by the artificial intelligence engine of theresource entity system 10. As shown in block 610, the system accessesone or more authentication systems, wherein the one or moreauthentication systems comprise authentication information associatedwith the one or more asset systems and the plurality of users 4. Theauthentication information may be stored in a data store of theauthentication system and the system may access the data store of theone or more authentication system. In some embodiments, the one or moreauthentication systems may authorize the system to access theauthentication information stored in the data store of the one or moreauthentication systems. As shown in block 620, the system extracts theauthentication information associated with the one or more asset systemsand the plurality of users. In some embodiments, the extractedinformation may include only active authentications present in the datastore. Active authentications may be any authentication used by theplurality of users or the one or more authentication systems or the oneor more applications or logical assets associated with the resourceentity within a predetermined amount of time. In some embodiments, thepredetermined amount of time may be assigned by the resource entity. Forexample, the system may assign twelve months are the predeterminedamount of time. In some embodiments, the system may perform routinemaintenance on the one or more authentication systems 20 at regularintervals and delete all inactive forms of authentication present in theone or more authentication systems, thereby having the information readyfor extraction during the process of generation of the combined solutiondata models. In such embodiments, the system may delete the inactiveauthentications only after receiving an approval from a relevant user.The relevant user may be associated with a first asset system or a firstuser associated with the inactive authentication. For example, theinactive authentication may be associated with a user who is notassociated with the resource entity. The system may identify a reportingmanager assigned to the user and may send the reporting manager arequest for approval to delete the inactive authentication. In someembodiments, the authentication information may include referenceidentifiers associated with the plurality of users 4, the one or moreasset systems 21, the one or more applications or logical assets, and/orthe like. In some embodiments, the authentication information mayinclude historical data logs comprising all authentications approved bythe one or more authentication systems.

As shown in block 630, the system accesses the one or more humanresources systems, wherein the one or more human resources systemscomprise human resources information associated with the plurality ofusers. Human resources information may be inputted into the one or morehuman resources systems 40 by one or more plurality of users associatedwith human resources organizational group. The human resourcesinformation may include location information, hierarchy information,organization information, personal information, and/or the like. Asshown in block 640, the system extracts the human resources informationassociated with the plurality of users. The system upon extracting thehuman resources information may sort the human resources information andstore it in the data store of the system based on the human resourcesidentifier, thereby providing easy retrieval of human resourcesinformation during the process of generating combined solution datamodels.

As shown in block 650, the system accesses the one or more assetmanagement systems, wherein the one or more asset management systemcomprises asset information associated with at least the type andlocation of the one or more asset systems. The asset information mayalso include environment information, logical asset information,application information, and/or the like associated with the one or moreasset systems 21. As shown in block 660, the system extracts assetinformation associated with the one or more asset systems. The system,after extracting the asset information, may sort the asset informationand may store it in the data store of the system based on assetreference identifier, thereby providing easy retrieval of assetinformation during the process of generation of combined solution datamodels.

As shown in block 670, the system identifies a first set ofrelationships between each of the one or more asset systems based on theextracted authentication information. The first set of relationships mayinclude all forms of active authentication records present in theextracted authentication information between each of the one or moreasset systems based on the historical data log information extractedfrom the one or more authentication systems. For example, the system mayidentify all entries in the historical data log information associatedwith a first asset reference identifier. In some embodiments, thesystem, after identifying the first set of relationships, may place thefirst set of relationships in temporary storage of the system such asRandom Access Memory (RAM) for easy retrieval. In such embodiments, thesystem may identify duplicate relationships from the first set ofrelationships and may delete the duplicate relationships before storingthe first set of relationships in the data store. For example, thesystem may identify all entries in the historical log informationassociated with a first reference identifier and a second referenceidentifier. When a first asset system associated with the firstreference identifier and a second asset system associated with thesecond reference identifier communicate with each other, afteridentifying the entries associated with the first asset system and thesecond asset system, the system deletes duplicate records. In someembodiments, the system, after identifying the first set ofrelationships, may place the first set of relationships in bothtemporary storage and permanent storage of the system. Additionally, insome embodiments, the system may also identify relationships betweenmultiple applications based on the extracted authentication information.For example, an application ‘A’ associated with asset system 1 may beaccessing an application ‘B’ in asset system 2 and the system identifiesthe relationship between application ‘A’ and application ‘B’ based onhistorical data log information and may place this information in thetemporary storage for easy retrieval.

As shown in block 680, the system identifies a second set ofrelationships between each of the one or more asset systems and each ofthe plurality of users based on the extracted authenticationinformation. The second set of relationships may include all forms ofactive authentication present in the extracted authenticationinformation between each of the one or more asset systems and each ofthe plurality of users based on the historical data log informationextracted from the one or more authentication systems. For example, thesystem may identify all entries in the historical data log informationassociated with a first human resources identifier. In some embodiments,the system after identifying the second set of relationships, may placethe second set of relationships in the temporary storage of the systemsuch as random access memory for easy retrieval. In such embodiments,the system may identify duplicate relationships from the second set ofrelationships and may delete the duplicate relationships before storingthe second set of relationships in the data store.

As shown in block 690, the system formulates the one or more solutiondata models based on the first set of relationships, the second set ofrelationships, asset information, and the human resources information.For example, for a relationship between the first asset system and thesecond asset system, the system identifies and links the assetinformation associated with the first asset reference identifier and thesecond asset reference identifier with the relationship. In anotherexample, for a second relationship between the first asset system and afirst user, the system identifies and links asset information associatedwith the first asset reference identifier and human resourcesinformation associated with the first human resources identifier withthe relationship. The system combines all relationships and generatescombined solution data models, wherein the combined solution data modelsshow for every asset system one or more users associated with each ofthe asset systems, one or more asset systems connected with the each ofthe asset systems, one or more applications and logical assetsassociated with each of the asset systems. The combined data solutionmodels show lineage within an entity. In some embodiments, the systemmay generate one single unified data solution model. In some otherembodiments, the system may generate multiple data solution models andlink them with identifiers to form a combined solution data model.

FIG. 7 present a process flow 700 illustrating detection of technologyanomalies and performing triage on the detected anomalies. As shown inblock 710, the system detects an anomaly associated with one or moretasks associated with at least first group of systems of the pluralityof asset systems based on continuously monitoring the plurality of assetsystems. Anomalies associated with the one or more tasks may be definedas irregularities in any of the processes performed within the entity.One or more tasks may be any processes or steps within those processesand tasks scheduled to be performed in those steps. In one example,anomaly is an abnormal result of a process or output of the processwhich is different from the normal output. In another example, anomaliesmay be communication issues within one or more asset systems therebyresulting in synchronizing errors. In another example, anomaly may be adata mismatch between asset systems, where dataset ‘B’ is transferred toan asset system ‘B’ from an asset system ‘A’ instead of transferringdataset ‘A.’ In one example, anomaly may be an issue with extraction andtransfer of data, where void data sets are transferred from an assetsystem ‘A’ to an asset system ‘B.’ In one example, anomaly may befailure of software associated with one or more asset systems. In oneexample, anomaly may be failure of hardware associated with one or moreasset systems. In one example, anomaly may be failure of networkcommunication channels associated with one or more asset systems. Insome embodiments, technology anomaly may be associated with anyapplication within the resource entity. In some embodiments, technologyanomaly may be associated with a database or a repository. In someembodiments, technology anomaly may be associated with any processeswithin the resource entity. For example, the process may be transactionprocessing. In some embodiments, technology anomaly may be associatedwith any operations of the resource entity. For example, operations maybe resource planning, resource allocation, application development, orthe like. In some embodiments, the system detects anomalies bycommunicating with the asset management systems 30. For example, theasset management system may comprise information that a group of assetsystems are behaving abnormally or they are not responding to certainprocesses. However, they do not have information on what is causing theanomaly. In some embodiments, the system detects anomalies based oncommunications received from a user or plurality of users. In someembodiments, the memory component 16 of the system comprises amonitoring module which detects flags or triggers raised by one or moreapplications or one or more asset systems and the monitoring moduledetects anomalies within the entity based on identifying flags andtriggers raised. In such an embodiment, wherein the monitoring module ofthe system identifies triggers or flags raised by multiple assetsystems, the flags or triggers may be associated with differentprocesses or operations and multiple flags may be raised by multipleasset systems for a single anomaly making it difficult to identifyduplicates or a point of failure associated with the anomaly based onthe identified triggers and flags.

As shown in block 720, the system extracts a first solution data modelassociated with the first group of asset systems from the model databasebased on detecting the anomaly associated with the one or more tasks. Insome embodiments, the system identifies that the first group of assetsystems are associated with a first anomaly based on the same type offlags or triggers. For example, multiple asset systems or applicationsin the asset systems may raise a same flag for one anomaly. Based onidentifying the first group of asset systems, the system extracts afirst solution data model involving the first group of asset systems.For example, system may search the model database using the assetreference identifiers associated with the first group systems. In someembodiments, when the first solution data model is stored in the form adatabase table, the first solution data model is extracted usingextraction methods associated with the type of database comprising thesolution data models.

As shown in block 730, the system identifies one or more relationshipsassociated with the first group of asset systems based on the extractedfirst solution data model. In some embodiments, identifying the one ormore relationships comprises identifying one or more upstream systemsassociated with the first group of asset systems. In some embodiments,identifying the one or more relationships comprises identifying one ormore downstream systems associated with the first group of assetsystems. In some embodiments, identifying the one or more relationshipscomprises identifying one or more applications associated with the firstgroup of asset systems. The system identifies the one or morerelationships to identify all affected systems, point of origin, andreason associated with the anomaly.

As shown in block 740, the system identifies at least one changeimplemented on the first group of systems within a predetermined amountof time. The at least one change may be recent update to data, operatingsystem, network, software, applications, hardware, and/or the likeassociated with the first group of asset systems. For a process or anoperation associated with the plurality of asset systems 21 to startfunctioning abnormally, there has to be a change or any modificationperformed on the plurality of asset systems 21 between when theprocesses or operations were normal and when the system identified ananomaly. In one embodiment, the anomaly identified by the system may becaused by a change implemented on the first group of asset systems. Forexample, an application may have updated to a new version. In anotherexample, a network associated with the first group of asset systems mayhave been modified. In some embodiments, the anomaly identified by thesystem may have been caused by a change implemented on any of theupstream asset systems. In some embodiments, the system identifies theat least one change by communicating with asset management systems 30and extracting a change log in the asset management systems 30. One ormore changes made to any of the plurality of asset systems 21 within theentity are recorded and stored in the change log. The system extractsthe change log and identifies all changes associated with the firstgroup of asset systems. The system identifies a first set of changesfrom the change log related to the flag or triggers identified by thesystem previously. For example, if a flag associated with the anomaly isa flag associated with void data, the system may identify all changesrelated to extraction application or a database which may have causedthe extracted of void data.

As shown in block 750, the system identifies a source of the at leastone change implemented on the first group of asset systems based on theone or more relationships, wherein the source of the at least one changeis a first asset system. Continuing with the previous example where achange implemented to any of the upstream asset systems in the firstgroup of asset systems, a change applied on the first asset system whichis upstream to all other asset systems within the first group of assetsystems will propagate to all downstream asset systems, thereby causingall the downstream systems to behave abnormally. The system identifiesthe source based on the one or more relationships i.e., by identifyingthe upstream asset systems and downstream asset systems based on theextracted first solution data model.

As shown in block 760, the system identifies a point of failure based onthe identified source of the at least one change. For example, if thesystem identifies that source of the at least one change is the firstasset system, the system determines that the source is the point offailure. In some embodiments, there may be multiple points of failure.In some embodiments, there may be multiple sources of the at least onechange. In such an embodiment, the system based on the type ofidentified flags and triggers, identifies one point of failure causingthe anomaly from the multiple sources.

As shown in block 770, the system transmits a notification to at leastone user of the plurality of users associated with the first group ofasset systems, wherein the notification comprises the point of failureand type of the change implemented on at least the first asset system.The notification may be sent in the form of an automated email,automated voice message, and/or the like comprising the point offailure.

As shown in block 780, the system receives a solution from the at leastone user to resolve the anomaly associated with the one or more tasksassociated with the point of failure. The user upon receiving thenotification may analyze information associated with the notificationand send a solution back to the system. The user may access an interfaceprovided by the anomaly detection application and may submit thesolution to the system. In one exemplary embodiment, the solution may bereverting back the at least one change associated with the first groupof asset systems. For example, if the change was associated with anapplication update to a new version, the system reverts back theapplication to an old version. In another exemplary embodiment, thesolution may be assigning a backup asset system to perform the processesand operations associated with the first asset system. In someembodiments, the system may directly search the solution database to seeif a solution already exists for the anomaly and the point of failureidentified by the system. In one embodiment, wherein the solutionalready exists in the solution database, the system automaticallyimplements the solution associated with the anomaly and the point offailure.

As shown in block 790, the system implements the solution received fromthe at least one user, wherein the solution is associated with the pointof failure. In one exemplary embodiment, wherein the solution receivedfrom the user is to revert back the at least one change associated withthe first group of asset systems, the system reverts back the at leastone change associated with the first group of asset systems. In someembodiments, the system after implementing the solution, determines ifthe anomaly associated with the one or more tasks has been resolved. Inone embodiment, the system determines that the anomaly has been resolvedor not by determining if the flag or trigger associated with the anomalystill exists. In one embodiment, when the system determines that theanomaly has been resolved, the system stores the solution implemented bythe system to resolve the anomaly in the solution database. The systemalso stores information associated with the anomaly, first group ofassets, point of failure, and/or the like along with the solution in thesolution database. In one embodiment, when the system determines thatthe anomaly has not been resolved, the system transmits a secondnotification to the user, wherein the second notification comprisesinformation associated with the implementation and failure of thesolution. In such an embodiment, the system receives a second solutionfrom the user and implements the second solution. The system repeatsthis process until the anomaly has been resolved.

Although many embodiments of the present invention have just beendescribed above, the present invention may be embodied in many differentforms and should not be construed as limited to the embodiments setforth herein; rather, these embodiments are provided so that thisdisclosure will satisfy applicable legal requirements. Also, it will beunderstood that, where possible, any of the advantages, features,functions, devices, and/or operational aspects of any of the embodimentsof the present invention described and/or contemplated herein may beincluded in any of the other embodiments of the present inventiondescribed and/or contemplated herein, and/or vice versa. In addition,where possible, any terms expressed in the singular form herein aremeant to also include the plural form and/or vice versa, unlessexplicitly stated otherwise. Accordingly, the terms “a” and/or “an”shall mean “one or more,” even though the phrase “one or more” is alsoused herein. Like numbers refer to like elements throughout.

As will be appreciated by one of ordinary skill in the art in view ofthis disclosure, the present invention may include and/or be embodied asan apparatus (including, for example, a system, machine, device,computer program product, and/or the like), as a method (including, forexample, a business method, computer-implemented process, and/or thelike), or as any combination of the foregoing. Accordingly, embodimentsof the present invention may take the form of an entirely businessmethod embodiment, an entirely software embodiment (including firmware,resident software, micro-code, stored procedures in a database, or thelike), an entirely hardware embodiment, or an embodiment combiningbusiness method, software, and hardware aspects that may generally bereferred to herein as a “system.” Furthermore, embodiments of thepresent invention may take the form of a computer program product thatincludes a computer-readable storage medium having one or morecomputer-executable program code portions stored therein. As usedherein, a processor, which may include one or more processors, may be“configured to” perform a certain function in a variety of ways,including, for example, by having one or more general-purpose circuitsperform the function by executing one or more computer-executableprogram code portions embodied in a computer-readable medium, and/or byhaving one or more application-specific circuits perform the function.

It will be understood that any suitable computer-readable medium may beutilized. The computer-readable medium may include, but is not limitedto, a non-transitory computer-readable medium, such as a tangibleelectronic, magnetic, optical, electromagnetic, infrared, and/orsemiconductor system, device, and/or other apparatus. For example, insome embodiments, the non-transitory computer-readable medium includes atangible medium such as a portable computer diskette, a hard disk, arandom access memory (RAM), a read-only memory (ROM), an erasableprogrammable read-only memory (EPROM or Flash memory), a compact discread-only memory (CD-ROM), and/or some other tangible optical and/ormagnetic storage device. In other embodiments of the present invention,however, the computer-readable medium may be transitory, such as, forexample, a propagation signal including computer-executable program codeportions embodied therein. In some embodiments, memory may includevolatile memory, such as volatile random access memory (RAM) having acache area for the temporary storage of information. Memory may alsoinclude non-volatile memory, which may be embedded and/or may beremovable. The non-volatile memory may additionally or alternativelyinclude an EEPROM, flash memory, and/or the like. The memory may storeany one or more of pieces of information and data used by the system inwhich it resides to implement the functions of that system.

One or more computer-executable program code portions for carrying outoperations of the present invention may include object-oriented,scripted, and/or unscripted programming languages, such as, for example,Java, Perl, Smalltalk, C++, SAS, SQL, Python, Objective C, JavaScript,and/or the like. In some embodiments, the one or morecomputer-executable program code portions for carrying out operations ofembodiments of the present invention are written in conventionalprocedural programming languages, such as the “C” programming languagesand/or similar programming languages. The computer program code mayalternatively or additionally be written in one or more multi-paradigmprogramming languages, such as, for example, F#.

Some embodiments of the present invention are described herein withreference to flowchart illustrations and/or block diagrams of apparatusand/or methods. It will be understood that each block included in theflowchart illustrations and/or block diagrams, and/or combinations ofblocks included in the flowchart illustrations and/or block diagrams,may be implemented by one or more computer-executable program codeportions. These one or more computer-executable program code portionsmay be provided to a processor of a general purpose computer, specialpurpose computer, and/or some other programmable data processingapparatus in order to produce a particular machine, such that the one ormore computer-executable program code portions, which execute via theprocessor of the computer and/or other programmable data processingapparatus, create mechanisms for implementing the steps and/or functionsrepresented by the flowchart(s) and/or block diagram block(s).

The one or more computer-executable program code portions may be storedin a transitory and/or non-transitory computer-readable medium (e.g., amemory or the like) that can direct, instruct, and/or cause a computerand/or other programmable data processing apparatus to function in aparticular manner, such that the computer-executable program codeportions stored in the computer-readable medium produce an article ofmanufacture including instruction mechanisms which implement the stepsand/or functions specified in the flowchart(s) and/or block diagramblock(s).

The one or more computer-executable program code portions may also beloaded onto a computer and/or other programmable data processingapparatus to cause a series of operational steps to be performed on thecomputer and/or other programmable apparatus. In some embodiments, thisproduces a computer-implemented process such that the one or morecomputer-executable program code portions which execute on the computerand/or other programmable apparatus provide operational steps toimplement the steps specified in the flowchart(s) and/or the functionsspecified in the block diagram block(s). Alternatively,computer-implemented steps may be combined with, and/or replaced with,operator- and/or human-implemented steps in order to carry out anembodiment of the present invention.

While certain exemplary embodiments have been described and shown in theaccompanying drawings, it is to be understood that such embodiments aremerely illustrative of and not restrictive on the broad invention, andthat this invention not be limited to the specific constructions andarrangements shown and described, since various other changes,combinations, omissions, modifications and substitutions, in addition tothose set forth in the above paragraphs, are possible. Those skilled inthe art will appreciate that various adaptations, modifications, andcombinations of the just described embodiments can be configured withoutdeparting from the scope and spirit of the invention. Therefore, it isto be understood that, within the scope of the appended claims, theinvention may be practiced other than as specifically described herein.

INCORPORATION BY REFERENCE

To supplement the present disclosure, this application furtherincorporates entirely by reference the following commonly assignedpatent applications:

U.S. Patent Application Docket Number Ser. No. Title Filed On8016US1.014033.3110 15/814,038 IMPLEMENTING A Nov. 15, 2017 CONTINUITYPLAN GENERATED USING SOLUTION DATA MODELING BASED ON PREDICTED FUTUREEVENT SIMULATION TESTING 8017US1.014033.3111 15/814,044 SYSTEM FOR Nov.15, 2017 REROUTING ELECTRONIC DATA TRANSMISSIONS BASED ON GENERATEDSOLUTION DATA MODELS

What is claimed is:
 1. A system for technology anomaly detection,triage, and response using solution data modeling, the systemcomprising: one or more memory devices having computer readable codestored thereon; one or more processing devices operatively coupled tothe one or more memory devices, wherein the one or more processingdevices are configured to execute the computer readable code to:generate one or more solution data models comprising a plurality ofasset systems and a plurality of users, wherein each of the plurality ofasset systems is associated with at least one user of the plurality ofusers, at least a first of the plurality of asset systems is associatedwith at least a second of the plurality of asset systems, and the one ormore solution data models are generated by: accessing one or moreauthentication systems, wherein the one or more authentication systemscomprise authentication information associated with the plurality ofasset systems and the plurality of users; extracting the authenticationinformation associated with the plurality of asset systems and theplurality of users; accessing one or more human resources systems,wherein the one or more human resources systems comprise human resourcesinformation associated with the plurality of users; extracting the humanresources information associated with the plurality of users; accessingone or more asset management systems, wherein the one or more assetmanagement systems comprise asset information associated with at leasttype and location of the plurality of asset systems; extracting theasset information associated with plurality of asset systems;identifying a first set of relationships between each of the pluralityof asset systems based on the extracted authentication information;identifying a second set of relationships between each of the pluralityof users and each of the plurality of asset systems based on theextracted authentication information; and formulating the one or moresolution data models based on the first set of relationships, the secondset of relationships, the asset information, and the human resourcesinformation; continuously monitor the plurality of asset systems; detectan anomaly associated with one or more tasks associated with at least afirst group of asset systems of the plurality of asset systems based oncontinuously monitoring the plurality of asset systems; extract a firstsolution data model associated with the first group of asset systemsbased on detecting the anomaly associated with the one or more tasks;identify one or more relationships associated with the first group ofasset systems based on the extracted first solution data model; andidentify a point of failure associated with the anomaly and the firstgroup of asset systems based on the one or more relationships, whereinthe point of failure is associated with a first asset system of thefirst group of systems.
 2. The system of claim 1, wherein identifyingthe one or more relationships associated with the first group of systemsfurther comprises: identifying one or more upstream systems associatedwith the first group of asset systems; identifying one or moredownstream systems associated with the first group of asset systems; andidentifying one or more applications associated with the first group ofsystems.
 3. The system of claim 1, wherein identifying the point offailure comprises: determining at least one change implemented on thefirst group of asset systems within a predetermined amount of time; andidentifying source of the at least one change implemented on the firstgroup of asset systems based on the one or more relationships, whereinthe source of the at least one change is the first asset system.
 4. Thesystem of claim 3, wherein the one or more processing devices arefurther configured to execute the computer readable code to: transmit anotification to at least one user of the plurality of users associatedwith the first group of asset systems, wherein the notificationcomprises the point of failure and type of the at least one changeimplemented on at least the first asset system.
 5. The system of claim4, wherein the one or more processing devices are further configured toexecute the receive a solution from the at least one user to resolve theanomaly associated with the one or more tasks associated with the pointof failure; and implement the solution received from the at least oneuser, wherein the solution is associated at least with the point offailure.
 6. The system of claim 5, wherein the one or more processingdevices are further configured to execute the computer readable code todetermine that the anomaly associated with the one or more tasks hasbeen resolved in response to implementing the solution associated withthe point of failure.
 7. The system of claim 6, wherein the one or moreprocessing devices are further configured to execute the computerreadable code to store the point of failure and the solution based ondetermining that the failure of the one or more tasks has been resolved.8. A computer program product for technology anomaly detection, triage,and response using solution data modeling, the computer program productcomprising at least one non-transitory computer readable mediumcomprises computer readable instructions for: generating one or moresolution data models comprising a plurality of asset systems and aplurality of users, wherein each of the plurality of asset systems isassociated with at least one user of the plurality of users, at least afirst of the plurality of asset systems is associated with at least asecond of the plurality of asset systems, and the one or more solutiondata models are generated by: accessing one or more authenticationsystems, wherein the one or more authentication systems compriseauthentication information associated with the plurality of assetsystems and the plurality of users; extracting the authenticationinformation associated with the plurality of asset systems and theplurality of users; accessing one or more human resources systems,wherein the one or more human resources systems comprise human resourcesinformation associated with the plurality of users; extracting the humanresources information associated with the plurality of users; accessingone or more asset management systems, wherein the one or more assetmanagement systems comprise asset information associated with at leasttype and location of the plurality of asset systems; extracting theasset information associated with plurality of asset systems;identifying a first set of relationships between each of the pluralityof asset systems based on the extracted authentication information;identifying a second set of relationships between each of the pluralityof users and each of the plurality of asset systems based on theextracted authentication information; and formulating the one or moresolution data models based on the first set of relationships, the secondset of relationships, the asset information, and the human resourcesinformation; continuously monitoring the plurality of asset systems;detecting an anomaly associated with one or more tasks associated withat least a first group of asset systems of the plurality of assetsystems based on continuously monitoring the plurality of asset systems;extracting a first solution data model associated with the first groupof asset systems based on detecting the anomaly associated with the oneor more tasks; identifying one or more relationships associated with thefirst group of asset systems based on the extracted first solution datamodel; and identifying a point of failure associated with the anomalyand the first group of asset systems based on the one or morerelationships, wherein the point of failure is associated with a firstasset system of the first group of systems.
 9. The computer programproduct of claim 8, wherein identifying the one or more relationshipsassociated with the first group of systems further comprises:identifying one or more upstream systems associated with the first groupof asset systems; identifying one or more downstream systems associatedwith the first group of asset systems; and identifying one or moreapplications associated with the first group of systems.
 10. Thecomputer program product of claim 8, wherein identifying the point offailure comprises: determining at least one change implemented on thefirst group of asset systems within a predetermined amount of time; andidentifying source of the at least one change implemented on the firstgroup of asset systems based on the one or more relationships, whereinthe source of the at least one change is the first asset system.
 11. Thecomputer program product of claim 10, wherein the computer programproduct comprising the at least one non-transitory computer readablemedium further comprises computer readable instructions for:transmitting a notification to at least one user of the plurality ofusers associated with the first group of asset systems, wherein thenotification comprises the point of failure and type of the at least onechange implemented on at least the first asset system.
 12. The computerprogram product of claim 11, wherein the computer program productcomprising the at least one non-transitory computer readable mediumfurther comprises computer readable instructions for: receiving asolution from the at least one user to resolve the anomaly associatedwith the one or more tasks associated with the point of failure; andimplementing the solution received from the at least one user, whereinthe solution is associated at least with the point of failure.
 13. Thecomputer program product of claim 12, wherein the computer programproduct comprising the at least one non-transitory computer readablemedium further comprises computer readable instructions for determiningthat the anomaly associated with the one or more tasks has been resolvedin response to implementing the solution associated with the point offailure.
 14. The computer program product of claim 13, wherein thecomputer program product comprising the at least one non-transitorycomputer readable medium further comprises computer readableinstructions for storing the point of failure and the solution based ondetermining that the failure of the one or more tasks has been resolved.15. A computer implemented method for technology anomaly detection,triage, and response using solution data modeling, the methodcomprising: generating one or more solution data models comprising aplurality of asset systems and a plurality of users, wherein each of theplurality of asset systems is associated with at least one user of theplurality of users, at least a first of the plurality of asset systemsis associated with at least a second of the plurality of asset systems,and the one or more solution data models are generated by: accessing oneor more authentication systems, wherein the one or more authenticationsystems comprise authentication information associated with theplurality of asset systems and the plurality of users; extracting theauthentication information associated with the plurality of assetsystems and the plurality of users; accessing one or more humanresources systems, wherein the one or more human resources systemscomprise human resources information associated with the plurality ofusers; extracting the human resources information associated with theplurality of users; accessing one or more asset management systems,wherein the one or more asset management systems comprise assetinformation associated with at least type and location of the pluralityof asset systems; extracting the asset information associated withplurality of asset systems; identifying a first set of relationshipsbetween each of the plurality of asset systems based on the extractedauthentication information; identifying a second set of relationshipsbetween each of the plurality of users and each of the plurality ofasset systems based on the extracted authentication information; andformulating the one or more solution data models based on the first setof relationships, the second set of relationships, the assetinformation, and the human resources information; continuouslymonitoring the plurality of asset systems; detecting an anomalyassociated with one or more tasks associated with at least a first groupof asset systems of the plurality of asset systems based on continuouslymonitoring the plurality of asset systems; extracting a first solutiondata model associated with the first group of asset systems based ondetecting the anomaly associated with the one or more tasks; identifyingone or more relationships associated with the first group of assetsystems based on the extracted first solution data model; andidentifying a point of failure associated with the anomaly and the firstgroup of asset systems based on the one or more relationships, whereinthe point of failure is associated with a first asset system of thefirst group of systems.
 16. The computer implemented method of claim 15,wherein identifying the one or more relationships associated with thefirst group of systems further comprises: identifying one or moreupstream systems associated with the first group of asset systems;identifying one or more downstream systems associated with the firstgroup of asset systems; and identifying one or more applicationsassociated with the first group of systems.
 17. The computer implementedmethod of claim 15, wherein identifying the point of failure comprises:determining at least one change implemented on the first group of assetsystems within a predetermined amount of time; and identifying source ofthe at least one change implemented on the first group of asset systemsbased on the one or more relationships, wherein the source of the atleast one change is the first asset system.
 18. The computer implementedmethod of claim 17, wherein the method further comprises: transmitting anotification to at least one user of the plurality of users associatedwith the first group of asset systems, wherein the notificationcomprises the point of failure and type of the at least one changeimplemented on at least the first asset system.
 19. The computerimplemented method of claim 18, wherein the method further comprises:receiving a solution from the at least one user to resolve the anomalyassociated with the one or more tasks associated with the point offailure; and implementing the solution received from the at least oneuser, wherein the solution is associated at least with the point offailure.
 20. The computer implemented method of claim 19, wherein themethod further comprises determining that the anomaly associated withthe one or more tasks has been resolved in response to implementing thesolution associated with the point of failure.